]>
Commit | Line | Data |
---|---|---|
321d628a FG |
1 | From 35ef33d8c7a31a246e499588a28717ef0bfa2a91 Mon Sep 17 00:00:00 2001 |
2 | From: Thomas Gleixner <tglx@linutronix.de> | |
3 | Date: Sun, 31 Dec 2017 16:52:15 +0100 | |
633c5ed1 | 4 | Subject: [PATCH 222/242] x86/ldt: Make LDT pgtable free conditional |
321d628a FG |
5 | MIME-Version: 1.0 |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ||
9 | CVE-2017-5754 | |
10 | ||
11 | Andy prefers to be paranoid about the pagetable free in the error path of | |
12 | write_ldt(). Make it conditional and warn whenever the installment of a | |
13 | secondary LDT fails. | |
14 | ||
15 | Requested-by: Andy Lutomirski <luto@amacapital.net> | |
16 | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> | |
17 | (cherry picked from commit 7f414195b0c3612acd12b4611a5fe75995cf10c7) | |
18 | Signed-off-by: Andy Whitcroft <apw@canonical.com> | |
19 | Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> | |
20 | (cherry picked from commit 4e23d9d8427c9b2bd10176bd56dfcaca5e0d6b0f) | |
21 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
22 | --- | |
23 | arch/x86/kernel/ldt.c | 3 ++- | |
24 | 1 file changed, 2 insertions(+), 1 deletion(-) | |
25 | ||
26 | diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c | |
27 | index 9a35b7e541bc..51af781fac85 100644 | |
28 | --- a/arch/x86/kernel/ldt.c | |
29 | +++ b/arch/x86/kernel/ldt.c | |
30 | @@ -425,7 +425,8 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) | |
31 | * already installed then the PTE page is already | |
32 | * populated. Mop up a half populated page table. | |
33 | */ | |
34 | - free_ldt_pgtables(mm); | |
35 | + if (!WARN_ON_ONCE(old_ldt)) | |
36 | + free_ldt_pgtables(mm); | |
37 | free_ldt_struct(new_ldt); | |
38 | goto out_unlock; | |
39 | } | |
40 | -- | |
41 | 2.14.2 | |
42 |